CVE-2025-23363
Published: 11 February 2025
Summary
CVE-2025-23363 is a high-severity Open Redirect (CWE-601) vulnerability in Siemens Teamcenter. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-14 (Public Access Protections) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the open redirect vulnerability by requiring timely patching to the fixed Teamcenter versions specified in the Siemens advisory.
Provides protections for public-facing SSO services against open redirect vulnerabilities like CWE-601 through enforced security requirements on web applications.
Prevents exploitation by validating user-controlled redirect URL inputs in the SSO login service to restrict them to trusted domains.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Open redirect in public-facing SSO service directly enables exploitation by crafting malicious links (UI:R) that redirect users to attacker sites for session data theft and hijacking.
NVD Description
A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO…
more
login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
Deeper analysisAI
CVE-2025-23363 is an open redirect vulnerability (CWE-601) in the SSO login service of Siemens Teamcenter, affecting all versions of V14.1 and V14.2, versions of V14.3 prior to V14.3.0.14, versions of V2312 prior to V2312.0010, versions of V2406 prior to V2406.0008, and versions of V2412 prior to V2412.0004. The service accepts user-controlled input that can specify a link to an external site, enabling redirection of legitimate users to attacker-chosen URLs during authentication flows.
Attackers with network access can exploit this vulnerability without privileges by crafting a malicious link that a legitimate user must actively click (UI:R). Upon interaction, the victim is redirected to an attacker-controlled site, where valid session data can be stolen, leading to potential session hijacking. The vulnerability has a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N), reflecting high confidentiality impact due to the changed scope.
Siemens has published security advisory SSA-656895 at https://cert-portal.siemens.com/productcert/html/ssa-656895.html, which documents the vulnerability and specifies patching to the listed fixed versions as the primary mitigation.
Details
- CWE(s)